Better control of site content and access
By Red Squirrel
1: We do the usual mysql stuff, those vars are simply stored in some other file and well, the values are none of your business. :P
2: The query checked to see if a user matched with the username and password given so if there's 1 result, we keep going, but if there's 0 results, then we do stuff. Usually we'd give a chance, but since only admins use this particular system we're more strict.
3: Since the user got the password wrong, we block him off, don't mind what that function does, since it's one I made and use in that script, normally you would display a "bad username/password" message.
4: This is really interesting. Basically we want to generate a random string that we will use for the session string. But to make it super unique, we just MD5 a bunch of stuff together, including the IP address and random numbers, then make a super long string. The possibilities are endless here, just have fun!
5: Then we put the cookie (this is why doing the auth stuff before data output is a must) and also update the user record with that session.
6: Then we're ready to do whatever we want to do once we're logged in! There better not be security exploits in this since I'm screwed. :P
Well this ends the tutorial. I hope that you learned something from it. And with the knowledge gained from this article and my other php related ones, you should be able to make a rather advanced CMS system if you put all those skills together.
If you're wondering out of curiosity how this site is run, it is actually a very different system. Each page is somewhat independent of each other in terms of html. There are various reasons for this, one of them is that it is more flexible in terms of ad placements, as I can put different ads on different pages as easly as it would on fully static html pages.
This is something you should ask yourself, do you really need a CMS, or do you simply want to plug in php code in html pages? A full featured CMS where you can add modules etc and different sections is cool and all, but if you don't really need it, then stick with static html and php where needed.
But if you need to be able to password protect stuff, and make it easier to change the look then a CMS is the way to go, and coding it yourself is a good start.
This site best viewed in a W3C standard browser at 800*600 or higher
Site design by Red Squirrel | Contact
© Copyright 2019 Ryan Auclair/IceTeks, All rights reserved